
Postfix/Dovecot MX entry

MoritzCH

New Pleskian
Hi,

After fixing this annoying HTTPS thing I have one last thing to solve. I would like to set up an SSL certificate for my mailserver and am experiencing a strange problem.
I changed the MX DNS entry to "myvserver.info" (my domain) instead of "mail.myvserver.info" (so I can use the same certificate). I did this change on the vServer as well, but when I start a test on "checktls.com" I get this output ([000.780] Cert Hostname DOES NOT VERIFY (mail.myvserver.info != www.myvserver.info)). Is this anything I have to worry about or did I miss something?

[000.119] Connected to server
[000.251] <-- 220 myvserver.info ESMTP Postfix (Debian/GNU)
[000.251] We are allowed to connect
[000.252] --> EHLO checktls.com
[000.369] <-- 250-myvserver.info
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.370] We can use this server
[000.370] TLS is an option on this server
[000.370] --> STARTTLS
[000.488] <-- 220 2.0.0 Ready to start TLS
[000.488] STARTTLS command works on this server
[000.738] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.738] Connection converted to SSL
[000.753] Certificate 1 of 3 in chain:
subject= /OU=GT82378225/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=www.myvserver.info
issuer= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
[000.766] Certificate 2 of 3 in chain:
subject= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
[000.780] Certificate 3 of 3 in chain:
subject= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
[000.780] Cert VALIDATED: ok
[000.780] Cert Hostname DOES NOT VERIFY (mail.myvserver.info != www.myvserver.info)
[000.780] So email is encrypted but the host is not verified
[000.781] ~~> EHLO checktls.com
[000.900] <~~ 250-myvserver.info
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.901] TLS successfully started on this server
[000.901] ~~> MAIL FROM:<[email protected]>
[001.024] <~~ 250 2.1.0 Ok
[001.025] Sender is OK
[001.025] ~~> RCPT TO:<[email protected]>
[001.147] <~~ 250 2.1.5 Ok
[001.147] Recipient OK, E-mail address proofed
[001.148] ~~> QUIT
[001.266] <~~ 221 2.0.0 Bye
 
You mean inside the /etc/postfix/main.cf?
I already changed it inside the Plesk DNS settings and inside these files:

[Attached screenshot: 7vcj4234.png]
 
Your DNS is not doing anything in this case. The flow:

1. In your local mail application (e.g. Outlook) you have a mailserver (mail.myvserver.info) mentioned.
2. The DNS translates this name to an IP.
3. The mail app connects to that IP.
4. The mail server on this IP tells who he is (myvserver.info).
5. Your mail app requests the SSL from the server.
6. The server sends the SSL of www.myvserver.info.
7. Your mail app checks mail.myvserver.info against www.myvserver.info and fails.

Change step 1 to www.myvserver.info and I think it will work.
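
The name comparison behind step 7 and the "Cert Hostname DOES NOT VERIFY" log line, as an added example that is not part of the original thread. The two sample certificates are constructed (the log shows only the CN, so no subjectAltName is assumed for it), and `REISSUED_CERT` and all function names are hypothetical.

```python
import smtplib
import ssl

# Constructed sample in ssl.getpeercert() format. The CN is the one shown in the
# checktls.com log; the log lists no subjectAltName, so none is assumed here.
LOGGED_CERT = {"subject": ((("commonName", "www.myvserver.info"),),)}
# Constructed: a certificate that also names the MX host (hypothetical reissue).
REISSUED_CERT = {"subject": ((("commonName", "myvserver.info"),),),
                 "subjectAltName": (("DNS", "myvserver.info"),
                                    ("DNS", "*.myvserver.info"))}

def cert_dns_names(cert):
    """Names a verifier compares: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label match; '*' only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_verifies(cert, host):
    """True if any certificate name covers the host the client connected to."""
    return any(name_matches(n, host) for n in cert_dns_names(cert))

def fetch_smtp_cert(host, port=25, timeout=10):
    """Live probe: STARTTLS to an MX host and return its chain-validated cert."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; name check is ours
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.starttls(context=ctx)
        return s.sock.getpeercert()

if __name__ == "__main__":
    for name in ("mail.myvserver.info", "myvserver.info", "www.myvserver.info"):
        print(name, host_verifies(LOGGED_CERT, name),
              host_verifies(REISSUED_CERT, name))
```

The check is always made against the name the client connected to (the MX target or the server name configured in the mail app), not against the name the server announces in its banner or EHLO reply.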
 
Well, it's not my local client giving me the feedback mentioned above. It's an online testing webpage :)
Going to test your advice when I get home from work.
 